CVE Alert: CVE-2025-52203
Vulnerability Summary: CVE-2025-52203
A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are subsequently stored in the database. When a legitimate user logs in and is redirected to the Dashboard panel “automatically upon authentication the malicious script executes in the user’s browser context.
Affected Endpoints:
No affected endpoints listed.
Published Date:
7/31/2025, 4:15:31 PM
🔥 CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://github.com/devaslanphp/project-management/releases
- https://github.com/ischyr/research-and-development/tree/main/CVE-2025-52203
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
